NewsBits for March 20, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Hackers Claim NSA Breach Anti-U.S. military hackers claim to have compromised a computer at the National Security Agency in Ft. Meade, Maryland. But their target was the least secretive organization imaginable within the massive intelligence agency: the public affairs office. And instead of scoring a cache of highly-classified documents about the NSA's global surveillance work, the purported hackers mostly just obtained a few biographies of agency personnel, and a handful of private, but routine, correspondences between NSA spokespersons and media outlets, including CNN and Forbes. - - - - - - - - - - Web Sites Vandalized With Antiwar Messages A hacker group marred hundreds of Web sites with digital graffiti last night in an apparent response to the onset of the U.S.-led war against Iraq, prompting security experts to warn of further cyberattacks in the days to come. Unix Security Guards, a pro-Islamic hacking group, defaced nearly 400 Web sites Wednesday evening with antiwar slogans written in Arabic and English, according to iDefense, a Reston, Va.-based Internet security firm. - - - - - - - - - - Update: U.S. Army denies hacking Attack used IIS vulnerability. A March 10 computer attack on a server run by the U.S. Army using the recently disclosed Microsoft Internet Information Server (IIS) vulnerability resulted in the complete compromise of that machine and may herald the advent of a new worm in the very near future, according to security company TruSecure. The incident was an instance of a rare "zero day" attack, in which an as-yet unreported vulnerability is used to compromise a remote system, TruSecure said. Attack on Pentagon Computer Sparks Probe Authorities are investigating a computer attack on a U.S. military computer server that took advantage of a previously unknown flaw in a Microsoft Corp. program. The attacker accessed the Defense Department server last week through a machine running the Windows 2000 operating system and Microsoft's Internet Information Server, which is used for displaying Web pages to the public. (LA Times article, free registration required),1,3203041.story - - - - - - - - - - Virus writers latch onto war theme A new email worm is tricking people into opening dangerous attachments by promising military satellite images of Iraq. Virus writers have taken advantage of the onset of war to release an email supposedly offering a variety of war-themed attachments -- ranging from secret US spy pictures of Iraq to screensavers mocking US President George Bush. However, the emails actually contain a new worm called Ganda.,,t269-s2132215,00.html Viruses with a Cause,1377,58143,00.html - - - - - - - - - - Israel warns Web sites on war coverage Israel's top government censor has warned Web sites in her country not to publish sensitive information about the war with Iraq. Chief Censor Rachel Dolev sent a letter on Wednesday to "scoop" news sites, instructing editors to seek government permission before publishing information about "materials that could pose a threat to the security of the State of Israel and its residents." - - - - - - - - - - Texan to Lead House Cybersecurity Panel Congressional leaders have picked Rep. Mac Thornberry (R-Texas) to lead a new congressional subcommittee on cybersecurity, a House spokeswoman said today. Thornberry will head the subcommittee on Cybersecurity, Science, Research and Development. The panel is part of the House Select Committee on Homeland Security, which was created last month to oversee the new Department of Homeland Security. - - - - - - - - - - Feds Alert to Web Security Threat As the Department of Homeland Security urges Americans to be on high alert for potential acts of cyberterrorism, many computer security experts say military conflict doesn't change the fact that the Net is already a pretty dangerous place. "When it really gets down to it, we're getting security attacks on a daily basis," said Vincent Weafer, director of Symantec Security Response.,1367,58139,00.html - - - - - - - - - - Cyberspace an Invisible Front in War on Terrorism Businesses and government agencies have spent billions in recent years on computer security software and equipment, only to see the number and ferocity of computer attacks increase. Two weeks ago, just as the U.S. Army was at the height of preparing for an invasion of Iraq, a hacker broke into two Army computer servers, exploring their data and creating a channel to download it. "The hacker had full control of those machines," said Russ Cooper of Internet security company TruSecure Corp., the first to discover the breach. "It sort of raises the hair on the back of your neck." - - - - - - - - - - Computer viruses slowed but not contained, according to survey Computer virus infections rose more slowly in 2002, but a stronger breed meant the costs of recovery increased, a new survey found. The 306 companies examined had more than 1.2 million virus incidents affecting 900,000 personal computers, servers and network-perimeter gateways, said ICSA Labs, a unit of TruSecure Corp. of Herndon, Va. That's 113 infections a month for every 1,000 machines, up 10 percent from the 103 infections a month reported in the previous survey. The infection growth rate was about 13 percent in 2001 and 2000. - - - - - - - - - - Software piracy settlements on the rise Despite efforts to educate businesses about asset management, the number of software piracy cases against businesses that were settled with the Business Software Alliance (BSA) last year increased by 17 per cent compared with 2001. Last year 75 businesses made settlements with the BSA for using unlicensed software, up from 64 in 2001. - - - - - - - - - - Hollywood targets DVD copycat In the ongoing drama surrounding the Digital Millennium Copyright Act and Hollywood's copyrights, a St. Louis start-up has been unexpectedly thrust into a cameo role. Technology company 321 Studios, with a staff of 60 people, develops products to let people make high-quality replicas of DVDs. But last spring the movie studios, fearing that 321's technology would lead to rampant unauthorized copying, threatened to contact federal prosecutors. Public to chime in on copyright law - - - - - - - - - - Study: UK workers paranoid over e-mail snooping A staggering 60 percent of UK office workers believe their IT department regularly intercepts and reads their personal e-mails--and almost half believe their colleagues are in on the act in the hope of unearthing juicy gossip. Research conducted by Yahoo! revealed mass paranoia among the UK workforce when it comes to the sanctity of their e-mail inbox. Forty-five percent of the 18,000 office workers polled said they suspect colleagues of taking a sneaky peak at their e-mail when they step away from their desks. Sixty-one per cent levelled the more serious accusation of snooping at their tech team.,,t269-s2132248,00.html - - - - - - - - - - Tech plagued by new security failures This week, flaws in various operating systems put computer users at risk, including the U.S. military and everyone who uses a Windows-based machine. Linux and Unix users weren't immune, and even some cell phone users in Europe were hit by flaws.,,t269-s2132228,00.html Secret security holes released to public,,t269-s2132225,00.html - - - - - - - - - - Microsoft warns of firewall vulnerability Microsoft Corp. warned customers of another security vulnerability yesterday, this one affecting its Internet Security and Acceleration (ISA) Server 2000 firewall and Web cache product. A software flaw was found in the ISA Server's Domain Name Service (DNS) intrusion- detection application filter that could allow an attacker to launch a denial-of-service attack against the ISA Server that prevents that device from processing DNS requests.,10801,79537,00.html - - - - - - - - - - Microsoft patch freezes some systems A patch for a security flaw that affects Microsoft's Web server software running on Windows 2000 has caused system freezes for some customers, the company said Thursday. The company became aware of the problem after several customers who applied the patch, released Monday, complained that their updated Windows 2000 system wouldn't run, said Iain Mulholland, program manager for the Microsoft Security Response Center. - - - - - - - - - - Microsoft's Scott Charney on security in a time of war Scott Charney, chief security strategist at Microsoft Corp., has extensive dealings with the government in the area of security on behalf of Microsoft, and his background also includes an eight-year stint as chief of the Computer Crime and Intellectual Property Section in the criminal division at the Department of Justice from 1991 to 1999. Under his direction, the agency investigated and prosecuted national and international hacker cases, economic espionage cases and violations of federal criminal copyright and trademark laws. He spoke this week spoke with Computerworld about areas of concern for IT professionals during a time of war.,10801,79554,00.html - - - - - - - - - - The MS 'friendly' security alert service - just say d'oh Last month Microsoft introduced a security alert notification service for the masses, intended to be less frightening and confusing to normal people than the Technet advisories, and maybe giving them some advice as well. There have been a couple of security alerts under the bridge since then, so as a service to the readers we at The Register feel it's time to do a compare and contrast. - - - - - - - - - - IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot. An attacker has compromised a Sun Solaris server on a production network using an exploit for the dtspcd service in CDE; a Motif-based graphical user environment for Unix systems. You are the senior security engineer of the Security Operations Center (SOC) for your company and are required to find out how the box was compromised and by whom. Using only a Snort binary capture file from the remote log server, you are to conduct a complete analysis of all IDS captures, log files, and an inspection of the file system. - - - - - - - - - - Antiwar Campaign Spreads Online Organizers post instructions on where to protest. Military supporters are active on Internet, too. The Internet has become the virtual office for many antiwar organizing efforts, with Web sites posting letter-writing campaigns, candlelight vigils -- and now -- instructions for where to protest. (LA Times article, free registration required),1,4462311.story *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.